Below is my i/p file
{
"Count": 2,
"Items": [
{
"total_time": {
"S": "0.000s"
},
"start_date_time": {
"S": "2017-09-19 05:00:43"
},
"bad_records": {
"N": "0"
},
"successful_records": {
"N": "0"
},
"source": {
"S": "mps_dnc"
},
"end_date_time": {
"S": "2017-09-19 05:00:43"
},
"file_name": {
"S": "No File"
},
"total_records": {
"N": "0"
},
"job_name": {
"S": "mps_dnc_out"
}
},
{
"total_time": {
"S": "12.783s"
},
"start_date_time": {
"S": "2017-09-19 11:42:21"
},
"bad_records": {
"N": "0"
},
"successful_records": {
"N": "12094"
},
"source": {
"S": "mps_dnc"
},
"end_date_time": {
"S": "2017-09-19 11:42:34"
},
"file_name": {
"S": "do_not_contact_list_2017-09-19T11_42_20.581Z.txt"
},
"total_records": {
"N": "12094"
},
"job_name": {
"S": "mps_dnc_out"
}
}
],
"ScannedCount": 2,
"ConsumedCapacity": null
}
Below is my probs.conf and limit .conf
[spath]
# number of characters to read from an XML or JSON event when auto extracting
extraction_cutoff = 10000
# cat props.conf
[dynamoout]
TRUNCATE = 0
KV_MODE = json
NO_BINARY_CHECK = true
SHOULD_LINEMERGE = false
LINE_BREAKER = ([\r\n]*)
DATETIME_CONFIG = CURRENT
[source::/script_logs_mps/*.*]
CHECK_METHOD=entire_md5
Still on splunk i can see only 8 lines.
↧